Application Whitelisting
Bypass using DLLs
By default, AppLocker does not include DLL rules, so we might be able to execute an unmanaged DLL payload with rundll32.exe.
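To check whether a host has this gap, the following added example (not part of the original page) parses an AppLocker policy XML and reports which rule collections actually block anything. The function name and the sample policy are constructed for illustration; on a live host the XML would come from `Get-AppLockerPolicy -Effective -Xml`.

```powershell
# Added example: report which AppLocker rule collections are enforced,
# with the Dll collection (off by default) in focus.
function Get-AppLockerCollectionStatus {
    param([Parameter(Mandatory)][string]$PolicyXml)

    $policy = [xml]$PolicyXml
    foreach ($type in 'Exe', 'Dll', 'Script', 'Msi', 'Appx') {
        $node = $policy.SelectSingleNode("/AppLockerPolicy/RuleCollection[@Type='$type']")
        $mode = 'NotConfigured'
        if ($node -and $node.GetAttribute('EnforcementMode')) {
            $mode = $node.GetAttribute('EnforcementMode')
        }
        $rules = 0
        if ($node) {
            $rules = $node.SelectNodes('FilePathRule|FilePublisherRule|FileHashRule').Count
        }
        [pscustomobject]@{
            Collection      = $type
            EnforcementMode = $mode
            Rules           = $rules
            # A collection without rules allows everything; AuditOnly only logs.
            # NotConfigured still enforces when rules are present.
            Blocks          = ($rules -gt 0 -and $mode -ne 'AuditOnly')
        }
    }
}

# Constructed sample policy: Exe enforced, Script audit-only, Dll left empty.
$sample = @'
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="Enabled">
    <FilePathRule Id="00000000-0000-0000-0000-000000000001" Name="Program Files"
                  Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%PROGRAMFILES%\*" /></Conditions>
    </FilePathRule>
  </RuleCollection>
  <RuleCollection Type="Script" EnforcementMode="AuditOnly">
    <FilePathRule Id="00000000-0000-0000-0000-000000000002" Name="Windows scripts"
                  Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%WINDIR%\*" /></Conditions>
    </FilePathRule>
  </RuleCollection>
  <RuleCollection Type="Dll" EnforcementMode="NotConfigured" />
</AppLockerPolicy>
'@

# On a live host, pass (Get-AppLockerPolicy -Effective -Xml) instead of $sample.
Get-AppLockerCollectionStatus -PolicyXml $sample | Format-Table -AutoSize
```

A `Dll` row with `Blocks` set to `False` is the condition the paragraph above relies on.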
Bypass using ADS
We can write a JScript payload to a whitelisted file's alternate data stream (ADS) and then execute it with WScript:
Bypass using 3rd Party Scripting Engine
If Python or a similar interpreter is installed, we can use it to bypass AppLocker.
Microsoft.Workflow.Compiler
MSBuild
JScript Execution using XSLT
Execute with: